We just raised $142 million in our Series D Round! Read About Our Plans for the Future

SCIM SCIM

Last Updated: Jun. 25, 2022

Coralogix supports the SCIM specification (System for Cross-domain Identity Management), an open standard that allows you to automate User and Group provisioning using a REST API. 

SCIM lets you create users and groups in Coralogix and give them the proper level of access, as well as to remove access for users (de-provisioning) should they leave your organization or no longer need access to Coralogix.

SCIM Server Authentication: To ensure that accounts can’t be created by unauthorized users, Coralogix uses a Bearer Token authentication.

Integrating Okta with Coralogix

Supported Features 

  • Create Users: New or existing users in Okta will be pushed to Coralogix as new users.
  • Update User Attributes: Updates to user profiles in Okta (firstname, lastname, username) will be updated in Coralogix.
  • Deactivate Users: Users deactivated in Okta will be deactivated in Coralogix. They won’t be able to log in using their team in Coralogix. If a user is reactivated, they will regain access to Coralogix and keep all previously specified access controls.

Okta SCIM Developer Doc

Step 1: Generate a Coralogix API Token

  1. Log in to Coralogix Dashboard (must be an Admin user)
  2. Go to Settings > Configure SAML
  3. Click ‘Advanced’
  4. Click Generate Token and copy the Provisioning Token 

You can use the copy to clipboard button to copy the token.

Step 2: Enable SCIM API integration in Okta

  1. Log in to Okta and add the Coralogix application.
  2. From the application, click on the Provisioning tab and then click Configure API integration.
  3. Select Enable API integration:
  4. Paste the API token you created earlier in Coralogix.

  5. Click ‘Test API Credentials’ and click Save when the test passes

Step 3: Assign users to the Coralogix application in Okta

  1. In Okta, click the ‘Assignments’ tab of the Coralogix application, then click on the ‘Assign’ button and from the drop-down list choose ‘Assign to people’:
  2. From the users’ list choose the Coralogix’s users you want to assign to the account, by clicking the corresponding ‘Assign’ button:
  3. Click ‘Save’
  4. Check the ‘Okta System Log’ screen to see if there are any user provisioning errors:

Integrating OneLogin with Coralogix

Supported Features 

  • Create Users: New or existing users in OneLogin will be pushed to Coralogix as new users.
  • Update User Attributes: Updates to user profiles in OneLogin (firstname, lastname, username) will be updated in Coralogix.
  • Deactivate Users: Users deactivated in OneLogin will be deactivated in Coralogix. They won’t be able to log in using their team in Coralogix. If a user is reactivated, they will regain access to Coralogix and keep all previously specified access controls.

OneLogin SCIM Developer Doc

Step 1: Generate a Coralogix API Token

  1. Log in Coralogix Dashboard (must be an Admin user).
  2. Go to Settings->Configure SAML.
  3. Click Advanced
  4. Click Generate Token.

You can use copy to clipboard button to copy the token

Step 2: Enable SCIM API integration in OneLogin

  1. Log in to OneLogin and add the Coralogix application
  2. From the application, click on the ‘Provisioning’ tab and then click ‘Enable Provisioning’ and then click ‘Save’

  3. From the application, click on the ‘Configuration’ tab and paste the API token you created earlier in Coralogix. As SCIM Base URL use one of the following depends on your team URL:
    Team URLSCIM Base URL
    team_name.coralogix.comhttps://webapi.coralogix.com/scim
    team_name.app.coralogix.inhttps://webapi.app.coralogix.in/scim
    team_name.coralogix.ushttps://webapi.coralogix.us/scim

  4. Click ‘Save’

 

Step 3: Assign users to the Coralogix application in OneLogin

  1. Go to the ‘Applications’ tab in the user profile screen and then click on the “+” button

  2. Choose the Coralogix application and click ‘Continue’

  3. Click ‘Save’

  4. Click ‘Pending’

  5. Click ‘Approve’

Note: The status of ‘provisioned’ means the user was created in Coralogix

  1. Repeat the above steps for each user that you want to add to Coralogix

Troubleshooting

In case your SCIM app is breaking with clicking on the test API button while it returns Null error, please do the following:

  1. Open the application general tab.
  2. Click the Edit button.
  3. Select “Europe (https://api.coralogix.com/)” from the dropdown list.
  4. Click the Save button.

     

     
  5. Try to reauthenticate SCIM.

Integrating Azure Active Directory with Coralogix

This integration will push Azure Active Directory Users and Groups to Coralogix every 40 minutes. A Coralogix admin user needs to assign roles to the Groups on the Coralogix UI.
Or assign roles to a Group using the integration.

Supported features:

  • Create Groups (supported attributes are: displayName, objectId, members)
  • Create Users (supported attributes are: userPrincipalName, givenName, surname)
  • Role –  assign one of the existing roles “AdminUser , Read OnlyData analystInterface user” to a group
  • Update Groups
  • Scope – Set group scope with filter type”Exact”
  • Delete users and Groups

Step 1: Generate a Coralogix API Token

  1. Log in to Coralogix Dashboard (must be an Admin user)
  2. Go to Account Settings > Configure SAML
  3. Under ‘Advanced’ click ‘Generate Provisioning Token
  4. Copy the Provisioning Token (To be configured on the Enterprise Application in Azure Active Directory)

Step 2: Create an Enterprise Application in Azure Active Directory

  1. Log in to Azure.
  1. Go to Azure Active Directory > Enterprise Applications > New Application
  1. Select ‘Create your own application’. Enter the name and click ‘Create
  1. Once the Enterprise Application has been added successfully, Click ‘Provisioning’.
  1. Configure Provisioning mode, Tenant URL and Secret token (provisioning token from Coralogix). Test connection to verify successful integration
  1. Attribute mapping section is activated after a successful connection is established.
  1. Attribute mapping configuration (Group). The default Attribute Mappings and Target Object Actions are sufficient
  1. Attribute mapping configuration (User). The default Attribute Mappings are sufficient.  – Disable the ‘Update’ Target Object Action
  1. Ensure provisioning is ‘On

Active Directory Tenant URLs

RegionCluster URLTenant URL
US.coralogix.ushttps://ng-api-http.coralogix.us/scim
Europe.coralogix.comhttps://ng-api-http.coralogix.com/scim
Singapore.coralogixsg.comhttps://ng-api-http.coralogixsg.com/scim
India.app.coralogix.inhttps://ng-api-http.app.coralogix.in/scim
Stockholm.eu2.coralogix.comhttps://ng-api-http.eu2.coralogix.com/scim

On this page